Workspace ONE UEM utilizes ACC and the Credential Escrow Gateway feature to send encrypted skeleton profiles back and forth between the SMIME certificate and Workspace ONE UEM. Learn more about the requirements and architecture behind the Credential Escrow Gateway feature.

System Requirements

The following system requirements are recommended for supporting 100,000 devices in Credential Escrow Gateway.

| Escrow Gateway | Up to 100,000 devices | Notes |
|---|---|---|
| System Requirements | CPU - 4 cores | Per 8,000 devices, up to a maximum of 32,000 devices (8 CPU / 16 GB RAM) per application server. |
| Memory | 16 GB | Escrow Gateway uses Redis as its primary data store. Because Redis is an in-memory database, it is essential to allocate sufficient memory. By default, EG sets the upper bound on the total memory used by Redis to 8 GB. The remaining memory allocation is available for use by other system processes and applications. |
| Disk Space | 40 GB | |
| Load | *Continuous load of 40 requests per second. | *If you adhere to the recommendations in this table. |

Required Network Configurations

Credential Escrow Gateway uses port 443 for inbound API requests from ACC and for the outbound connection that sends completed, encrypted profiles (the skeleton profile from UEM hydrated with the customer-uploaded SMIME certificate) back to Workspace ONE UEM.

| Source Component | Destination Component | Protocol | Port |
|---|---|---|---|
| ACC | AWCM | HTTPS (inbound to AWCM) | 2001 - OnPrem |
| ACC | AWCM | HTTPS (inbound to AWCM) | 443 - SaaS |
| AWCM | ACC | HTTPS (inbound to ACC) | 443 |
| Escrow Gateway | Workspace ONE UEM API | HTTPS (outbound from Escrow Gateway) | 443 |
| PKI/Certificate Authority | Escrow Gateway | Open Firewall | |
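
The following is an added example, not part of the original documentation: a Python check that compares an exported firewall rule set with the flows listed above, reporting required flows that are not allowed and allowed flows that are wider than documented. The rule dictionary format and the sample rules are constructed assumptions; the PKI/Certificate Authority row has no port on this page, so rules for that pair are only listed for manual review.

```python
# Added example: audit exported firewall rules against the documented flows.
# Components and ports are from this page; the rule format is an assumption.

COMMON = {  # flows that are the same for on-prem and SaaS
    ("AWCM", "ACC"): 443,
    ("ACC", "Escrow Gateway"): 443,               # inbound API requests
    ("Escrow Gateway", "Workspace ONE UEM API"): 443,
}
ACC_TO_AWCM_PORT = {"onprem": 2001, "saas": 443}
# The page gives no port for this pair ("Open Firewall"), so never auto-judge it.
MANUAL_REVIEW = {("PKI/Certificate Authority", "Escrow Gateway")}


def required_flows(deployment):
    """Return the set of (source, destination, port) the page requires."""
    flows = {(src, dst, port) for (src, dst), port in COMMON.items()}
    flows.add(("ACC", "AWCM", ACC_TO_AWCM_PORT[deployment]))
    return flows


def audit(rules, deployment):
    """Compare allow rules with the required flows for 'onprem' or 'saas'."""
    allowed = {(r["src"], r["dst"], r["port"])
               for r in rules if r["action"] == "allow"}
    required = required_flows(deployment)
    review = {f for f in allowed if (f[0], f[1]) in MANUAL_REVIEW}
    return {
        "missing": sorted(required - allowed),              # flow will not work
        "unexpected": sorted(allowed - required - review),  # wider than documented
        "review": sorted(review),                           # needs a human decision
    }


# Constructed sample rule export (not from a real environment).
SAMPLE_RULES = [
    {"src": "ACC", "dst": "AWCM", "port": 2001, "action": "allow"},
    {"src": "ACC", "dst": "AWCM", "port": 443, "action": "allow"},
    {"src": "AWCM", "dst": "ACC", "port": 443, "action": "allow"},
    {"src": "ACC", "dst": "Escrow Gateway", "port": 443, "action": "allow"},
    {"src": "Escrow Gateway", "dst": "Workspace ONE UEM API", "port": 443, "action": "deny"},
    {"src": "PKI/Certificate Authority", "dst": "Escrow Gateway", "port": 443, "action": "allow"},
]

if __name__ == "__main__":
    for kind, flows in audit(SAMPLE_RULES, "onprem").items():
        print(kind, flows)
```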

Escrow Gateway Architecture Diagram

The following diagram illustrates the Credential Escrow Gateway components and how those components work with your environment.